Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) is an additional layer of security for the Infinity Portal. When a Primary Administrator enforces 2FA, Infinity Portal users must use an authenticator application on a mobile phone to confirm their identities before they get access to the Infinity Portal. If the authenticator application does not work, users can use SMS for 2FA.
For information about 2FA for MSSP Managed Security Service Provider (MSSP) - An managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services./Distributor child accounts, see Manage Accounts.
To configure 2FA for your Infinity Portal user account
You can configure 2FA for your Infinity Portal user account in the Profile Settings page.
-
Download one of these authenticator applications to your mobile phone:
-
Google Authentication
-
Microsoft Authenticator
-
Authy
-
-
In the Infinity Portal, open the Profile Settings page. In the upper-right corner:
-
Click the user name, or
-
Click the arrow next to the user name > Profile Settings.
The Profile Settings window opens.
-
-
Optional - Verify your mobile phone number for 2FA:
-
In the Phone field, enter your mobile phone number.
-
Click Send code.
Check Point sends an SMS to your phone with a six-digit code.
-
Enter the code in the Enter Code field.
-
Click Verify.
-
-
Toggle the Two-factor Authentication (2FA) switch to ON.
Note - When the switch is ON, you must use 2FA to log in to all Infinity Portal accounts to which you have access. When a Primary Administrator enforces 2FA for all users of the Infinity Portal account, the switch is ON by default and cannot be turned off.
The Two-Factor Authentication (2FA) configuration wizard window opens.
-
Follow the on-screen instructions to connect the authentication app with the Infinity Portal.
Note - If you did not verify your phone number in the Profile Settings window, you must verify it in the Two-Factor Authentication (2FA) configuration wizard.
-
Click Finish to close the wizard.
2FA enforcement settings in the Identity & Access page apply to all users of this Infinity Portal account. Only a Primary Administrator can change these settings.
-
In the Infinity Portal, click > Identity & Access.
-
In the Two-Factor Authentication (2FA) section, select when to enforce 2FA:
-
Enforce Two-Factor Authentication for every login to this account - Users must use 2FA to log in with username and password and for login with SSO Single Sign-On (SSO) - A session/user authentication process that permits a user to enter one name and password in order to access multiple applications. through an Identity Provider A system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. Acronym: IdP or IDP. (IdP).
-
Enforce Two-Factor Authentication for login with username and password - This option is selected by default.
A confirmation window opens.
-
-
In the confirmation window, click Enforce.
Reset 2FA when a user loses access to an account or when you think that an unapproved individual gained access to the account. Resetting 2FA for a user requires the user to re-configure 2FA. Only a Primary Administrator can reset 2FA for a user.
-
In the Infinity Portal, click > Users.
-
Select a user that has 2FA configured. The 2FA column of the table shows which users have 2FA configured.
-
From the top toolbar, click the Reset 2FA icon .
-
In the window that opens, click Reset.
Warning - This action cannot be undone.
The next time the user tries to log in to the Infinity Portal, the user is re-directed to the Two-Factor Authentication wizard. To access the Infinity Portal, the user must complete the wizard and then use 2FA to log in.